<p>This rule is deprecated, and will eventually be removed.</p>
<p>Reading Standard Input is security-sensitive. It has led in the past to the following vulnerabilities:</p>
<ul>
  <li> <a href="https://www.cve.org/CVERecord?id=CVE-2005-2337">CVE-2005-2337</a> </li>
  <li> <a href="https://www.cve.org/CVERecord?id=CVE-2017-11449">CVE-2017-11449</a> </li>
</ul>
<p>It is common for attackers to craft inputs enabling them to exploit software vulnerabilities. Thus any data read from the standard input (stdin)
can be dangerous and should be validated.</p>
<p>This rule flags code that reads from the standard input.</p>
<h2>Ask Yourself Whether</h2>
<ul>
  <li> data read from the standard input is not sanitized before being used. </li>
</ul>
<p>You are at risk if you answered yes to this question.</p>
<h2>Recommended Secure Coding Practices</h2>
<p><a href="https://www.owasp.org/index.php/Input_Validation_Cheat_Sheet">Sanitize</a> all data read from the standard input before using it.</p>
<h2>Sensitive Code Example</h2>
<pre>
// The process object is a global that provides information about, and control over, the current Node.js process
// All uses of process.stdin are security-sensitive and should be reviewed

process.stdin.on('readable', () =&gt; {
	const chunk = process.stdin.read(); // Sensitive
	if (chunk !== null) {
		dosomething(chunk);
	}
});

const readline = require('readline');
readline.createInterface({
	input: process.stdin // Sensitive
}).on('line', (input) =&gt; {
	dosomething(input);
});
</pre>
<h2>See</h2>
<ul>
  <li> CWE - <a href="https://cwe.mitre.org/data/definitions/20">CWE-20 - Improper Input Validation</a> </li>
</ul>
